issue_887: Added OWASP plugin. First run took about 40 minutes. Subse…

…quent runs took about 2-4 minutes. Plugin downloads the NVD (National Vulnerability Database) the very first time the user runs the analyzeDependency command (assuming said user does not already have it cached somewhereon their system. Once downloaded, the plugin checks the subprojects dependenies against that of the NVD's and creates an HTML report per subproject on all the critical dependencies subproject has.
nsacyber · Dec 20, 2024 · 9606b2a · 9606b2a
1 parent dcc2962
commit 9606b2a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -7,6 +7,7 @@ plugins {
     id 'application'
     id 'checkstyle'
     id 'com.github.spotbugs' version '6.0.13' apply false
+    id 'org.owasp.dependencycheck' version '11.1.1'
     id 'java'
 }
 
@@ -17,6 +18,7 @@ subprojects {
     apply plugin: "com.github.spotbugs"
     apply plugin: "java"
     apply plugin: "checkstyle"
+    apply plugin: "org.owasp.dependencycheck"
 
     repositories {
         flatDir { dirs "lib" }